Information Security
Information Security Management Framework
The information unit is responsible for coordinating and implementing information security policies, disseminating information security messages, enhancing employee awareness of information security, and collecting and improving the performance and effectiveness of the organization's information security management system through technologies, products, or processes. The audit unit conducts an annual information security audit of the internal control system, focusing specifically on computerized information system controls, to assess the effectiveness of internal control operations.
Information Security Policy
Establishing a company-wide network management framework ensures the normal operation of internal and external information systems. It enhances the maintenance of the company's internal information management system and promotes the healthy implementation of information technology within the company. This ensures and improves work efficiency, accelerates secure information exchange, and supports electronic document security. It also enforces information security management and complies with the "Information Security Policy," "Information System Management Procedures," "Information Equipment Security Management Operational Specifications," and "Information System Emergency Response Operational Specifications" to safeguard investor rights and maintain the company's reputation.
Specific Management Plan
Network Security Control
- Deploy a firewall
- Use legitimate antivirus software
- Regularly scan servers and critical data storage media for viruses
- The use of various network services should be carried out in accordance with the Information Security Policy
- Regularly review logs for various network services to track any abnormal situations
Data Access Control
- Grant different access permissions based on job roles
- Revoke previous permissions upon personnel reassignment
- Before decommissioning equipment, confidential, sensitive data, and copyrighted software should be removed or overwritten
- Remote login to manage information systems should undergo appropriate approval
Incident Response and Recovery Mechanism
- Regularly review the emergency response plan
- Conduct annual routine exercises for system recovery
- Establish a system backup mechanism and implement off-site backups
- Regularly review computer network security control measures
Advocacy and Audit
- Continuously promote information security awareness to enhance employees' awareness of cybersecurity
- Conduct internal and external information audits annually, review and correct deficiencies, and report findings to management representatives
Allocate Resources to Information Security Management
Continuously invest resources in information security affairs, including strengthening cybersecurity defense mechanisms, enhancing information security management systems, and providing education and training. Implement a comprehensive approach from management to technology, enhancing overall information security capabilities. For prevention, conduct daily off-site backups and testing of database restoration for critical system data. Additionally, perform quarterly disaster recovery drills and integrate them into regular information security operations.
In terms of enhancing cybersecurity awareness, regularly provide focused information security guidance to employees through email or the employee portal. Conduct annual cybersecurity education and training sessions for information technology colleagues. The training includes topics such as understanding social engineering attacks and emphasizing cybersecurity, skills for identifying phishing emails, outsourcing security management for information operations, and network security and management.
Copyright © TATUNG FINE CHEMICALS Co. All rights reserved.